1
我们目前正在为具有基本CRUD功能的每个数据表构建Web API和控制器。我们遇到的问题是更新。我们创建了自定义绑定模型来引入我们需要的数据,然后将绑定模型转换为对象,并将其传递给我们的更新函数。Web Api通过绑定模型更新特定属性
我们遇到的问题是,当客户端通过POST发送数据时,我们的绑定模型会收到它并填充它们使用值设置的字段,并填充为空的所有内容。因此,当我们将其转换为数据对象并将其发送给Update函数时,它将覆盖未从客户端设置为空的字段。
这显然会导致问题,因为我们不希望用户意外删除信息。
这里是我们如何运行的东西与客户端,结合模型,及更新的例子,
团队绑定模型
/// <summary>A Binding Model representing the essential elements of the Team table</summary>
public class TeamBindingModel
{
/// <summary>The Id of the team</summary>
[Required(ErrorMessage = "An ID is required")]
public int ID { get; set; }
/// <summary>The name of the team</summary>
[Required(ErrorMessage = "A Team Name is required")]
[Display(Name = "Team Name")]
[StringLength(35)]
public string Team1 { get; set; }
/// <summary>The email associated with the team</summary>
[StringLength(120)]
[DataType(DataType.EmailAddress)]
public string Email { get; set; }
public bool ShowDDL { get; set; }
}
的UpdateTeam CRUD方法
// PUT: api/Team
/// <summary>
/// Attempt to update a team with a given existing ID
/// </summary>
/// <param name="team">TeamBindingModel - The binding model which needs an Id and a Team name</param>
/// <returns>IHttpActionResult that formats as an HttpResponseCode string</returns>
[HttpPut]
[Authorize(Roles = "SystemAdmin.Teams.Update")]
public async Task<IHttpActionResult> UpdateTeam(TeamBindingModel team)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
try
{
// Convert the binding model to the Data object
Team teamObject = team.ToObject();
unitOfWork.TeamRepository.Update(teamObject);
await unitOfWork.Save();
}
catch (DbUpdateConcurrencyException)
{
return BadRequest();
}
catch (Exception ex)
{
return BadRequest(ex.Message);
}
return Ok();
}
ToObject函数
/// <summary>Takes the Team Binding model and converts it to a Team object</summary>
/// <returns>Team Object</returns>
public virtual Team ToObject()
{
// Setup the data object
Team newObject = new Team();
// Instantiate the basic property fields
newObject.ID = this.ID;
newObject.Team1 = this.Team1;
newObject.Email = this.Email;
newObject.ShowDDL = this.ShowDDL;
return newObject;
}
的更新功能
public virtual void Update(TEntity entityToUpdate)
{
try
{
dbSet.Attach(entityToUpdate);
dbContext.Entry(entityToUpdate).State = EntityState.Modified;
}
catch (Exception ex)
{
throw ex;
}
}
保存功能
public async Task Save()
{
await dbContext.SaveChangesAsync();
}
客户端调用/测试/错误
// Add team to update and remove
var db = new genericDatabase();
var teamDB = new Team { Team1 = "testTeam", Email = "[email protected]", ShowDDL = true};
db.Teams.Add(teamDB);
db.SaveChanges();
// Look for items in the database
var originalTeamInQuestion = (from b in db.Teams
where b.Team1 == "testTeam"
select b).FirstOrDefault();
// Create Team object with the some changes
var team = new
{
ID = originalTeamInQuestion.ID,
Team1 = "changedTestTeam",
ShowDDL = false,
};
// This is the API call which sends a PUT with only the parameters from team
var teamToUpdate = team.PutToJObject(baseUrl + apiCall, userAccount.token);
// Look for items in the database
var changedTeamInQuestion = (from b in db.Teams
where b.Team1 == "changedTestTeam"
select b).FirstOrDefault();
// This Assert succeeds and shows that changes have taken place
Assert.AreEqual(team.Team1, changedTeamInQuestion.Team1);
// This Assert is failing since no Email information is being sent
// and the binding model assigns it to Null since it didn't get that
// as part of the PUT and overrides the object on update.
Assert.AreEqual(originalTeamInQuestion.Email, changedTeamInQuestion.Email);
对此的一些替代方法的任何想法?我们曾想过要求客户首先通过对API进行GET调用,然后修改对象来获取整个对象,但如果客户端不遵循该协议,则可能会非常危险地清除敏感数据。
是客户端的MVC网站? –
为什么不在回购层更新之前进行获取并合并两个对象模型和实体,然后将该合并对象传递给更新方法。通过这种方式,您将确保只发送udpated值并且其他任何东西保持不变。 – Prashant